Role Description
Trusted authority on global privacy regulation and AI governance β a DPO-like profile combining hands-on delivery (DPIA, ROPA, privacy program builds) with working fluency in reading and interpreting privacy law. Not a substitute for outside counsel, but able to translate regulatory text into program requirements without waiting on legal for every question.
Where you'll Leave Your Mark / Things You'll Build
What you'll do
-
Lead delivery of DPIAs, ROPA build-outs, privacy program gap assessments, GDPR/DPDP/EU AI Act compliance programs, cross-border transfer assessments (SCCs, adequacy), and privacy notice/policy reviews.
-
Serve as Sprinto's internal authority on evolving privacy regulation: GDPR enforcement trends, India's DPDP Rules, EU AI Act phased obligations, US state privacy laws (CCPA/CPRA, VCDPA, etc.), and other regional frameworks (PDPL, PIPL) as customer demand requires.
-
Build and maintain DPIA templates, ROPA templates, legitimate interest assessment frameworks, and AI governance/impact assessment templates mapped to EU AI Act risk tiers.
-
Define packaging for privacy services (e.g., DPIA-as-a-service, ROPA sprint, privacy program build fixed-fee tiers).
-
Own pricing, margin, and utilization on your engagement book; forecast capacity for privacy demand.
-
Partner with Sales/SE/CS on privacy-attach opportunities.
-
Build AI-assisted DPIA/ROPA generation playbooks with mandatory human validation gates.
-
Define explicit boundaries/disclaimers: this role provides regulatory/program guidance, not legal advice.
-
Support customers navigating regulator inquiries or breach-notification timelines in an advisory capacity only.
Qualifications
-
5+ years in privacy consulting, DPO/privacy office roles, or in-house privacy program ownership.
-
Hands-on DPIA and ROPA delivery at scale β not just policy drafting.
-
Deep knowledge of GDPR and India's DPDP Act.
-
Working knowledge of EU AI Act, US state privacy laws, and awareness of other regional frameworks (PDPL, PIPL).
-
Legal background (JD/LLM, or paralegal/compliance-law experience) β enough to read and interpret regulatory text independently for routine questions.
-
Demonstrated use of AI tools to reduce manual effort and standardize deliverables.
-
Comfortable owning pricing/margin for a specialized, judgment-heavy service line.
-
Excellent written communication; confident handling ambiguous regulatory questions in live customer settings.
Requirements
-
IAPP certifications (CIPP/E, CIPM, CIPT, FIP), formal DPO certification.
-
Utilization % and gross margin on privacy engagements.
-
Regulatory-change responsiveness β time to update playbooks after new guidance/rules land.
-
QA pass rate, rework rate, CSAT.
-
Attach rate for privacy services; deal-unblock impact where privacy expertise was the gating factor.
Benefits
-
Work wherever you are: 100% remote work flexibility.
-
Co-working allowance for those who prefer a shared workspace.
-
Annual commitment of USD 1,000 for personal skill development.
-
Unlimited leave for personal resets.
-
Health insurance coverage up to INR 10 lakh for you and your family.
-
Accident protection of an additional INR 10 lakh and life insurance worth 3x your annual salary.
-
INR 35,000 contribution towards your workspace setup.
Company Description
Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers. Sprinto autonomously executes tasks needed to maintain trust across compliance, audits, risk management, vendor risk, privacy, and AI governance, enabling organizations to maintain a strong, reliable trust posture without draining operational bandwidth and resources on repetitive tasks.
Founded in 2020 by second-time founders Girish Redekar and Raghuveer Kancherla, Sprinto powers compliance for organizations like Whatfix, Encora, Anaconda, Whatnot, Ultrahuman, WeWork, Everstage, AI Foundation, HackerRank, and many more.